CVE-2006-1094

SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php.

Published: Mar 9, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-1094
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
woltlab / burning_board	2.4	2.4.x
woltlab / burning_board	2.7	2.7.x
woltlab / burning_board	1.1.1	1.1.1.x
woltlab / burning_board	2.0_beta_4	2.0_beta_4.x
woltlab / burning_board	2.2.2	2.2.2.x
woltlab / burning_board	2.3.3	2.3.3.x
woltlab / burning_board	2.3.1	2.3.1.x
datenbank_module / datenbank_module	-	2.7.x
woltlab / burning_board	2.0_beta_3	2.0_beta_3.x
woltlab / burning_board	2.5	2.5.x
woltlab / burning_board	2.6	2.6.x
woltlab / burning_board	2.0_rc1	2.0_rc1.x
woltlab / burning_board	2.0_beta_5	2.0_beta_5.x
woltlab / burning_board	2.0_rc2	2.0_rc2.x

http://www.nukedx.com/?viewdoc=17
http://www.osvdb.org/23808
http://www.osvdb.org/23810
http://www.securityfocus.com/archive/1/426583
http://www.securityfocus.com/bid/16914

Vulnerability Database

289,871

CVE-2006-1094